- بادئ الموضوع kjrs1958
- تاريخ البدء
- 870
dяăģôŋ
ذيبان
غير متصل
حيالله خليف
حمل هذه الاداة واحفظها على سطح المكتب
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
حمل هذه الاداة واحفظها على سطح المكتب
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
عند تشغيلها بتظهر لك رسالة ,, اضغط على >> Yes
بعدها بتظهر لك رساله ثانيه ,, اضغط على >> Yes
انتظر حتى الاداة تنتهي من فحص جهازك ,,, وبشكل تلقائي يعاد تشغيل جهازك ,,
وبعد اعادة التشغيل ,, سوف تبدأ الاداة بالفحص مرره ثانيه
انتظر حتى يظهر لك تقرير ,, انسخه والصقه بردك القادم
--------------------------------------------
( 2 )
واعمل تقرير للهايجاك
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
اذا انتهى التحميل ==> شغل البرنامج ==> واضغط على Do a system scan and save log
لحظات ويظهر لك تقرير ,, انسخه والصقه بردك القادم
تأييد
0
ComboFix 08-10-21.05 - خلف 10/22/2008 19:03:01.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1256.1.1025.18.914 [GMT 3:00]
Running from: C:\Users\خلف\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 16:00 320,000 ----a-w C:\Windows\System32\CF24587.exe
2008-10-22 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-22 15:55 --------- d-----w C:\ProgramData\Symantec
2008-10-22 15:55 --------- d-----w C:\Program Files\Symantec
2008-10-22 14:51 --------- d-----w C:\Program Files\SpyRemover Pro
2008-10-22 14:48 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-10-22 14:32 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-10-22 11:58 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-10-21 00:02 --------- d---a-w C:\ProgramData\TEMP
2008-10-20 21:54 --------- d-----w C:\Program Files\QuickTime
2008-10-20 21:53 --------- d-----w C:\ProgramData\Apple Computer
2008-10-20 21:53 --------- d-----w C:\ProgramData\Apple
2008-10-20 21:53 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-20 21:53 --------- d-----w C:\Program Files\Apple Software Update
2008-10-20 09:27 --------- d-----w C:\Program Files\TVPlayerClassic
2008-10-20 06:48 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-10-20 06:48 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-10-20 06:48 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-10-20 06:48 356,864 ----a-w C:\Windows\System32\MediadataHandler.dll
2008-10-20 06:48 268,800 ----a-w C:\Windows\System32\es.dll
2008-10-20 06:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-10-20 06:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-10-20 05:14 --------- d-----w C:\ProgramData\P4G
2008-10-20 05:14 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-20 05:14 --------- d-----w C:\Program Files\Windows Mail
2008-10-20 05:14 --------- d-----w C:\Program Files\Windows Defender
2008-10-19 11:37 174 --sha-w C:\Program Files\desktop.ini
2008-10-19 11:30 --------- d-----w C:\Program Files\Google
2008-10-19 11:26 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-10-19 11:26 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-10-19 11:26 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-10-19 11:26 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-10-19 11:26 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-10-19 11:26 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-10-19 11:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-10-19 11:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-10-19 11:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-10-19 11:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-10-19 11:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-10-19 11:25 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-10-19 11:24 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-10-19 11:24 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-10-19 11:24 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-10-19 11:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-10-19 11:22 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-10-19 11:20 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-10-19 11:20 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-10-19 11:15 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-10-19 11:15 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-10-19 11:14 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-10-19 11:13 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-10-19 11:13 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-10-19 11:12 2,027,520 ----a-w C:\Windows\System32\win32k.sys
2008-10-19 11:11 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-10-19 11:11 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-10-19 11:11 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-10-19 11:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-10-19 11:11 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-10-19 11:11 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-10-19 11:11 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-10-19 11:11 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-10-19 11:11 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-10-19 11:11 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-10-19 11:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-10-19 11:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-10-19 11:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-10-19 11:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-10-19 11:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-10-19 11:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-10-19 11:09 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-10-19 11:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-10-19 11:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-10-19 11:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-10-19 11:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-10-19 11:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-10-19 11:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-10-19 11:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-10-19 11:05 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-10-19 11:03 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-10-19 11:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-10-19 11:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-10-19 11:02 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-10-19 11:01 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-10-19 11:01 290,304 ----a-w C:\Windows\system32\drivers\srv.sys
2008-10-19 11:00 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-10-19 11:00 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-10-19 11:00 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-10-19 11:00 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-10-19 11:00 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-10-19 11:00 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-10-19 11:00 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-10-19 11:00 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-10-19 11:00 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-10-19 11:00 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-10-19 11:00 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-10-19 10:59 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-10-19 10:58 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-10-19 10:58 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-10-19 10:58 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-10-19 10:58 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 03:34 PM 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [11/02/2006 03:34 PM 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/22/2006 12:31 PM 630784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 10:35 PM 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/01/2007 04:24 PM 857648]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [10/18/2008 01:34 PM 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [10/18/2008 01:34 PM 37232]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/19/2008 09:03 AM 185872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [09/06/2008 03:09 PM 413696]
"RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 12:07 PM 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe [2008-01-09 679936]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-09-11 11713536]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-760779992-27893527-946909932-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9186D09C-2419-49CF-A392-A7902A58C498}C:\\program files\\paltalk messenger\\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe
altalkScene
"UDP Query User{497953FC-A30B-46AD-B64B-256E76C00A90}C:\\program files\\paltalk messenger\\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exealtalkScene
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [10/30/2006 06:22 AM 8192]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [07/21/2007 05:05 PM 2920448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.asus.com/
R0 -: HKLM-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-10-22 19:08:45
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/22/2008 19:11:14
ComboFix-quarantined-files.txt 2008-10-22 16:11:04
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 41,519,665,152 bytes free
182 --- E O F --- 2008-10-21 00:03:33
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1256.1.1025.18.914 [GMT 3:00]
Running from: C:\Users\خلف\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-22 to 2008-10-22 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 16:00 320,000 ----a-w C:\Windows\System32\CF24587.exe
2008-10-22 15:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-22 15:55 --------- d-----w C:\ProgramData\Symantec
2008-10-22 15:55 --------- d-----w C:\Program Files\Symantec
2008-10-22 14:51 --------- d-----w C:\Program Files\SpyRemover Pro
2008-10-22 14:48 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-10-22 14:32 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-10-22 11:58 --------- d-----w C:\Program Files\WinZip Self-Extractor
2008-10-21 00:02 --------- d---a-w C:\ProgramData\TEMP
2008-10-20 21:54 --------- d-----w C:\Program Files\QuickTime
2008-10-20 21:53 --------- d-----w C:\ProgramData\Apple Computer
2008-10-20 21:53 --------- d-----w C:\ProgramData\Apple
2008-10-20 21:53 --------- d-----w C:\Program Files\Common Files\Apple
2008-10-20 21:53 --------- d-----w C:\Program Files\Apple Software Update
2008-10-20 09:27 --------- d-----w C:\Program Files\TVPlayerClassic
2008-10-20 06:48 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-10-20 06:48 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-10-20 06:48 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-10-20 06:48 356,864 ----a-w C:\Windows\System32\MediadataHandler.dll
2008-10-20 06:48 268,800 ----a-w C:\Windows\System32\es.dll
2008-10-20 06:47 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-10-20 06:47 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-10-20 05:14 --------- d-----w C:\ProgramData\P4G
2008-10-20 05:14 --------- d-----w C:\Program Files\Windows Sidebar
2008-10-20 05:14 --------- d-----w C:\Program Files\Windows Mail
2008-10-20 05:14 --------- d-----w C:\Program Files\Windows Defender
2008-10-19 11:37 174 --sha-w C:\Program Files\desktop.ini
2008-10-19 11:30 --------- d-----w C:\Program Files\Google
2008-10-19 11:26 61,440 ----a-w C:\Windows\System32\winipsec.dll
2008-10-19 11:26 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2008-10-19 11:26 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2008-10-19 11:26 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-10-19 11:26 272,896 ----a-w C:\Windows\System32\polstore.dll
2008-10-19 11:26 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-10-19 11:25 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-10-19 11:25 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-10-19 11:25 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-10-19 11:25 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-10-19 11:25 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-10-19 11:25 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-10-19 11:24 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-10-19 11:24 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-10-19 11:24 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-10-19 11:22 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-10-19 11:22 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-10-19 11:20 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-10-19 11:20 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-10-19 11:15 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-10-19 11:15 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-10-19 11:14 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-10-19 11:13 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-10-19 11:13 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2008-10-19 11:12 2,027,520 ----a-w C:\Windows\System32\win32k.sys
2008-10-19 11:11 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-10-19 11:11 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-10-19 11:11 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-10-19 11:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-10-19 11:11 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-10-19 11:11 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-10-19 11:11 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-10-19 11:11 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-10-19 11:11 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-10-19 11:11 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-10-19 11:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-10-19 11:09 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-10-19 11:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-10-19 11:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-10-19 11:09 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-10-19 11:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-10-19 11:09 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-10-19 11:08 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-10-19 11:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-10-19 11:07 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-10-19 11:07 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-10-19 11:07 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-10-19 11:07 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-10-19 11:07 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-10-19 11:05 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-10-19 11:03 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2008-10-19 11:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-10-19 11:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-10-19 11:02 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-10-19 11:01 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-10-19 11:01 290,304 ----a-w C:\Windows\system32\drivers\srv.sys
2008-10-19 11:00 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-10-19 11:00 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-10-19 11:00 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-10-19 11:00 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-10-19 11:00 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-10-19 11:00 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-10-19 11:00 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-10-19 11:00 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-10-19 11:00 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-10-19 11:00 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-10-19 11:00 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-10-19 10:59 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-10-19 10:58 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-10-19 10:58 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-10-19 10:58 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-10-19 10:58 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [10/18/2007 11:34 AM 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 03:34 PM 201728]
"WindowsWelcomeCenter"="oobefldr.dll" [11/02/2006 03:34 PM 2159104 C:\Windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [11/22/2006 12:31 PM 630784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 10:35 PM 90112]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/01/2007 04:24 PM 857648]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [10/18/2008 01:34 PM 33136]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [10/18/2008 01:34 PM 37232]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM 583048]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/19/2008 09:03 AM 185872]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [09/06/2008 03:09 PM 413696]
"RtHDVCpl"="RtHDVCpl.exe" [02/15/2007 12:07 PM 4390912 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Nokia Nseries PC Suite.lnk - C:\Program Files\Nokia\NNPCS\RunLauncher.exe [2008-01-09 679936]
PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe [2008-09-11 11713536]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-760779992-27893527-946909932-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{9186D09C-2419-49CF-A392-A7902A58C498}C:\\program files\\paltalk messenger\\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe
altalkScene"UDP Query User{497953FC-A30B-46AD-B64B-256E76C00A90}C:\\program files\\paltalk messenger\\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe
altalkScene[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [10/30/2006 06:22 AM 8192]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [07/21/2007 05:05 PM 2920448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.asus.com/
R0 -: HKLM-Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
Rootkit scan 2008-10-22 19:08:45
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 10/22/2008 19:11:14
ComboFix-quarantined-files.txt 2008-10-22 16:11:04
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 41,519,665,152 bytes free
182 --- E O F --- 2008-10-21 00:03:33
تأييد
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:25:17 م, on 22/10/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\خلف\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 4918 bytes
Scan saved at 07:25:17 م, on 22/10/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\خلف\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash ) -
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
--
End of file - 4918 bytes
تأييد
0
dяăģôŋ
ذيبان
غير متصل
حدد التالى واحذف
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O13 - Gopher Prefix:
طريقة الحذف
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
يجب عليك
تسجيل الدخول
او
تسجيل لمشاهدة الرابط المخفي
O4 - Startup: Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exeO13 - Gopher Prefix:
طريقة الحذف
التعديل الأخير بواسطة المشرف:
تأييد
0